Responsible Use Policy - FAQ #2 - Access, Network/Web Use, Files
- What do you mean by "authorized"? Who authorizes? in terms of users and in terms of equipment connected to campus resources?
- Can a department have a stricter policy? a more lenient policy? Which takes precedence when?
- I teach a CSC class on networks. Do the rules for port scanning, hacking, etc., apply to me?
- Can I put material downloaded from the Internet on Canvas or other Web site used by students in my course?
- Are students allowed to have offensive material on their web sites, screen savers? Why?
- Can I play games on workstations and/or over the campus network?
- What is SPAM?
- Why doesn't the University block SPAM?
- What is "phishing"?
- You reserve the right to delete files in the event of an emergency. Is there any way to recover deleted information for a class, a senior project, or a research contract? Should the "importance" determine the level of effort to restore the information?
- I am out of town (or on sabbatical or leave) and don't get the warning that files will be deleted. Do I have any recourse?
It depends, but generally use of a specific resource is authorized by the campus entity with primary ownership of and responsibility for that resource. For example, students and employees automatically receive a Cal Poly email and calendar account after agreeing to abide by this policy, but affiliated users must have departmental approval to receive such services. A departmental system may have specific uses authorized by that department that differ from ITS.
2. Can a department have a stricter policy? A more lenient policy? Which takes precedent when?
A department may have stricter or more lenient policies provided they are consistent with existing laws and policies. Departmental policies take precedent when the resources affected are restricted to the department. The RUP takes effect when departmental policies result in violations affecting individuals or resources outside the department. Departments are encouraged to review their policies with Information Services for known legal issues.
3. I teach a CSC class on networks. Do the rules for port scanning, hacking, etc., apply to me?
Classroom use is an authorized activity within the bounds of the classroom environment. For example, a network course may use port scanning as a teaching tool within the departmental network and systems designated for use for that course. Logging into and performing the scan on a machine/network designated for that purpose at a designated time would be acceptable use. However, conducting a port scan from on any other Cal Poly or non-Cal Poly system would not be an acceptable use at any time, regardless of intent.
Material downloaded from the Internet may be used as long as it is known to be in the public domain or licensed for such use. Never assume that because there is no copyright notice that an item is in the public domain. To be safe, you should obtain the owner's permission before posting or distributing materials to students. If they require that access be limited to the class, it may be necessary to password protect the materials, include language advising the students not to redistribute the material, and other measures.
5. Are students allowed to have offensive material on their web sites, screen savers? Why?
Material considered offensive to one person may not be to others and may constitute free speech, which is protected by the First Amendment of the U.S. Constitution. Cal Poly does not monitor or censor personal web pages hosted on University servers or files hosted on personal computers. There may be valid reasons for accessing or displaying such materials in an academic context. However, material that violates applicable laws, e.g., child pornography, is not allowed. In addition, offensive screen savers, sounds, or wall papers may constitute a hostile workplace when used on a device that other users may have an opportunity to view in lab or office environments. If complaints were received in that case, the individual would be asked to perform their work elsewhere.
6. Can I play games on workstations and/or over the campus network?
Games are non-academically related programs that are primarily run for their entertainment or recreation value. The ability to play games on workstations is regulated by the entity responsible for those workstations or the system on which the game is running. Academically related games are permitted. Playing networked based games or running a game on one system from another is also limited by available network capacity and competing needs of the University for network access. Priority for network use is given to academic requirements and approved University business activities. A good rule of thumb is that if response seems be slower than normal, game playing should be discontinued.
7. What is SPAM? What can I do about it?
SPAM refers to unsolicited email and is covered by State law which provides civil remedies only. This means the recipient may sue the sender if they fail to stop after the recipient notifies them to do so. Unfortunately, most SPAMers don't have assets in California and are hard to sue, even if you have the desire to pursue such a course. In addition, notifying the sender to stop can verify your email address and cause you to receive more SPAM. Finally, some SPAM may include attachments carrying potentially destructive malware. Cal Poly recommends that users simply delete unwanted SPAM in the same way they throw away junk mail received through the U.S. Post Office. Notify abuse@calpoly.edu if the SPAM appears to have originated at Cal Poly.
8. Why doesn't the University block SPAM?
More than 90% of all incoming messages constitutes SPAM and is already being blocked by ITS. In addition, messages suspected of being SPAM are scored and tagged as "cpSPAM" prior to delivery so users can easily filter and delete them. However, users can still expect to receive marketing emails and SPAM designed to bypass such tools. ITS will not block the latter unless they represent a threat ("phishing") or impact large numbers of users. Otherwise, blocking the remaining SPAM is generally ineffective and may prevent delivery of valid emails.
"Phishing" is a tool used by cyber criminals to steal personal information from another person. It typically involves an email that appears to be from a trusted source (e.g, Cal Poly, online service provider, employer, bank, etc.). The email is designed to trick you into entering confidential information (e.g., passwords, account numbers, SSN, birthdate, etc.) using an embedded link to follow and confirm your account details. You may also be asked to reply with this information. The criminal will then use the information provided to access your account to buy stuff, transfer money, send SPAM, or other damaging activity. Revealing your Cal Poly username and password puts you and the university at risk. Phone scams are another tool used to obtain your personal and Cal Poly information. For details, see What is Phishing?
Whether a file is backed up and how often depends on where it lives. If you have important documents, you should work with your IT support staff to ensure those files are backed up. Email, Canvas, Drupal and other centrally managed services are routinely backed up. However, such backups are designed to restore an enterprise service in the event of a disaster, rather than to restore files deleted by individual users. If a file was created or heavily modified since the last backup, recent changes will be lost.
Backups are only kept for a finite amount of time and become less granular as time goes on. Consequently, the longer between when the delete occurred and the file recovery request is submitted, the less likely the file will be recoverable in a useful form if at all.